HR 811: Separating Truth From Fiction in E-voting Reform
What would HR 811 do? Among other things:
* Raise the floor, not create a ceiling. The higher standards required by HR 811 would provide the beginning, not the end, of serious election reform. States wishing to, say, ban all electronic voting machines, impose stricter audit requirements, or force vendors to publicly disclose all of their source code will remain free to do so, as they are today. If HR 811 becomes law, however, states would not be permitted to lag behind in many important areas as so many do today.
* Require the generation of a voter-verified paper ballot. HR 811 would forbid in federal elections the use of direct recording electronic voting machines (DREs) that do not generate voter-verified paper ballots (VVPBs). See proposed Sec. 301(a)(2)(A)(i): "The voting system shall require the use of or produce an individual, durable, voter-verified paper ballot of the voter?s vote that shall be created by or made available for inspection and verification by the voter before the voter?s vote is cast and counted." States wishing to impose additional requirements regarding what to do with VVPBs, such as a mandatory hand-count of all paper ballots, would be able to do so.
* Require manual audits of every federal election. HR 811 would not mandate (or forbid) the counting of VVPBs in all circumstances. Instead, HR 811 would require, for the first time in American history, across-the-board manual audits of federal elections. See proposed Sec. 321(a)(1): "[E]ach State shall administer, without advance notice to the precincts selected, audits of the results of elections for Federal office held in the State (and, at the option of the State or jurisdiction involved, of elections for State and local office held at the same time as such election) consisting of random hand counts of the voter-verified paper ballots ..." Specifically, HR 811 would require audits of 3-10% of all precincts in every federal election (see proposed Sec. 322), depending on the apparent margin of victory and except in the case of landslide victories. This would be a breathtaking and unprecedented achievement. By contrast, federal law currently contains no audit requirement at all. States believing that initial hand counts or more robust audit protocols are more appropriate for their voters would have every right to impose such requirements.
* Require the disclosure of voting system source code in limited circumstances. HR 811 would, for the first time under federal law, explicitly mandate the disclosure of voting system source code to certain "qualified persons," identified as (among others) parties to litigation and individuals who "review, analyze, or report on the technology solely for an academic, scientific, technological, or other investigation or inquiry concerning the accuracy or integrity of the technology." See proposed Sec. 301(a)(8)(C). Individuals seeking such access would, in some circumstances, be required to sign a non-disclosure agreement. Just as now, however, individuals who lawfully acquire voting system source code independent of the (non-exclusive) procedures set forth by HR 811 (see, for example, Avi Rubin's groundbreaking analysis of Diebold source code that was leaked onto the Internet) would be free to analyze the code accordingly. States wanting even greater transparency could mandate broader disclosure requirements (see proposed Sec. 301(a)(8)(B)(ii)(II)), including disposing of any non-disclosure requirement or even mandating the use of open source software. Moreover, vendors themselves could dispense with the non-disclosure agreement requirement, either by explicitly granting permission to share otherwise secret source code or by utilizing open source systems.
What would HR 811 not do? The misconceptions and misrepresentations are, unfortunately, widespread.
* "HR 811 doesn't ban all DREs." True, but misleading. DREs, paperless or otherwise, are already permitted under federal law. HR 811 would ban the use of paperless DREs in federal elections unless they are retrofitted with printers that generate voter-verifiable paper ballots. An outright ban on DREs may or may not be possible with this Congress, but it is irrelevant to whether or not this bill should pass. Rep. Holt's strategy -- to convince Congress of the need to improve transparency in U.S. elections, regardless of technology -- is a sound one, one that many volunteers have expended extraordinary efforts to bring to fruition and one that could be on the verge of succeeding. Nothing has prevented or currently prevents now-vocal critics who are calling for an outright DRE ban from going through the process of drafting the appropriate legislative proposal and then soliciting the necessary support for it. But attempting to derail or hijack HR 811 as a vehicle to ram through an unlikely-to-pass DRE ban unnecessarily risks the passage of other important substantive requirements. And once again, nothing in HR 811 prohibits states from limiting the use of DREs of any kind or banning them altogether.
* "HR 811 reinforces secret vote counting." False. On the contrary, HR 811, if passed, would begin to open up the process. Federal law already permits the use of paperless DREs. Only 27 states currently require the use of voter-verified paper ballots (or voter-verified audit trails), and only 13 of those require audits. The lack of robust federal requirements, and the failure of straggler states to implement restrictions of their own, has led to the widespread use of suspect voting equipment like DREs. If enacted, HR 811 would, for the first time, place real restrictions on the use of electronic voting equipment. Again, if states think that HR 811's requirements aren't robust enough, they can pass legislation of their own.
* "HR 811 prohibits the disclosure of voting system software." False. HR 811 would for the first time federally mandate the disclosure of election-specific source code. The disclosure provision that emerged from committee is certainly not as broad as it could be. Public disclosure is not required, as the original language of HR 811 demanded. Yet as discussed above, HR 811 would explicitly protect the right of access for certain reviewers who currently have no such such guaranteed right and who have been routinely denied access to any software in some of the many battles that EFF has fought in the courts and elsewhere since 2003. The software industry fought long and hard behind the scenes to scuttle any disclosure requirement. That the current disclosure language emerged from committee at all is a testament to the many individuals, organizations, and lawmakers dedicated to election integrity who stood up in support of the bill instead of trying to tear it down. Make no mistake: this disclosure requirement is simply one of many initial steps in a long struggle towards full transparency of elections. But it is a critically important step, nonetheless. And once again, states may mandate any kind of additional disclosure, including an open source requirement, that they wish.
* "HR 811 makes voting system source code a trade secret." False, and demonstrates a profound misunderstanding of trade secrecy law. HR 811 does not, in any way, "create" trade secrets or transform voting system source code into a trade secret. Information either meets trade secret criteria -- created by each individual state, and not the federal government -- or it doesn't. As EFF and others have repeatedly experienced, the lack of guaranteed access to this code due to trade secrecy claims has been a major impediment to litigation over voting system failures, like the ongoing litigation brought by voters in Sarasota County, Florida, for which EFF serves as co-counsel. Far from "creating" trade secrets, HR 811 actually limits the protections offered by state trade secrecy laws to voting system source code. For example, the bill identifies "trade secrets" as one of the categories of information, protected in some circumstances by a mandatory non-disclosure agreement, that must be disclosed to qualified individuals who would have the newly-created right to review the software. Absent HR 811, litigants (such as those involved in the ongoing Sarasota County litigation) and computer science experts interesting in testing system integrity would have no guarantee of obtaining access to the source code at all. Individuals who do not enter into the non-disclosure agreements discussed in HR 811 would not be affected, and efforts to obtain access to code by other means would proceed as they always have. Critics may desire greater access to this code, as would EFF, but assertions that the bill would somehow "make the source code a government-recognized trade secret" are disingenuous. And here too, states can decide to step in and limit or even rescind the protections offered by their own trade secrecy laws.
* "Source code reviewers could be sued if they make false claims about source code obtained via the disclosure requirements of HR 811." True, but misleading. Individuals who make damaging false claims about any product, voting system-related or otherwise, subject themselves to potential liability but also enjoy the protections of the First Amendment which generally allows for honestly mistaken claims but does not protect malicious intentional lying. HR 811 would not, and should not, protect individuals who knowingly lie. On the other hand, HR 811 would explicitly permit code reviewers to publicly report their findings: the NDA signed by code reviewers must "allow the signatory to perform analyses on the technology (including by executing the technology), disclose reports and analyses that describe operational issues pertaining to the technology (including vulnerabilities to tampering, errors, risks associated with use, failures as a result of use, and other problems), and describe or explain why or how a voting system failed or otherwise did not perform as intended." See proposed Sec. 301(a)(8)(D)(viii). HR 811 wouldn't change the First Amendment, nor could it. But the First Amendment doesn't ordinarily protect knowing misrepresentations and neither would HR 811.
* "Experts who sign NDAs will be prohibited from reviewing other voting technology in the future." False. HR 811 would specifically require otherwise: a legal NDA "does not prohibit a signatory from entering into other nondisclosure agreements to review other technologies under this paragraph ..." See proposed Sec. 301(a)(8)(D)(ii).
I could, unfortunately, go on.
Attempts by certain vendors and election officials to derail meaningful reform that would implicate their existing technology, or underscore the potentially high cost of replacing it, are understandable and expected. However, advocates of more open and transparent elections do themselves and the voters of this country a disservice by attempting to undermine, with claims about the bill that are plainly wrong, the passage of important legislation that would make real and important gains.
EFF strongly supports the passage of HR 811 and hopes that you will as well. Don't just take my word for it: read the bill for yourself and then make your own decision. If you don't think that HR 811 goes far enough, then push for passage of complementary legislation, either in Congress or with your own state legislatures. EFF will continue to support sensible legislative proposals that can build on the foundation of HR 811. But whatever you do, don't fall for the false choice offered in the breathless rhetoric of the "all or nothing" contingent. Don't let the perfect be the enemy of the good. And HR 811 is good.
Recent DeepLinks Posts
Jul 22, 2016
Jul 21, 2016
Jul 21, 2016
Jul 21, 2016
Jul 21, 2016
- Abortion Reporting
- Analog Hole
- Anti-Counterfeiting Trade Agreement
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA Rulemaking
- Do Not Track
- E-Voting Rights
- EFF Europe
- Electronic Frontier Alliance
- Encrypting the Web
- Export Controls
- Fair Use and Intellectual Property: Defending the Balance
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2016 Copyright Review Process
- Free Speech
- Genetic Information Privacy
- Government Sabotage of Digital Security
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- International Privacy Standards
- Internet Governance Forum
- Know Your Rights
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- Mobile devices
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- State-Sponsored Malware
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trade Agreements and Digital Rights
- Trans-Pacific Partnership Agreement
- Travel Screening
- Trusted Computing
- UK Investigatory Powers Bill
- Video Games